Security daily (26-05-2021)

Operator of Deer.io, a hosting platform for cybercriminal services, is sentenced to 2.5 years

A Russian man was sentenced to 30 months in prison for running a website that sold stolen credit card data and other personal information to cybercriminals, according to a Department of Justice announcement. The Russian man, Kirill Victorovich Firsov, was first arrested last year, and pleaded guilty to hacking-related charges in January. Firsov was accused of having run the site, Deer.io, which hosted other cybercriminals’ shops, since 2013. Users could create accounts on Deer.io, using the platform as a foundation for their own sales. Deer.io raked in $17 million worth of sales and sold at least $1.2 million in U.S.-based stolen information, according to the Department of Justice. Many of the transactions involved Americans’ names, current addresses, telephone numbers, and Social Security numbers. The Department of Justice acknowledged that U.S. law enforcement had some difficulty gaining a foothold into the site given that it was run out of Russia, but […] (CyberScoop)

Belgium uproots cyber-espionage campaign with suspected ties to China

A Belgian government ministry said this week that it was the victim of a cyber-espionage campaign that began two years ago, one that has apparent links to Beijing. The Federal Public Service Interior said it began an investigation in March after Microsoft revealed that Chinese state-sponsored hackers had used zero-days to attack its Exchange Server technology. The ministry called in the Centre for Cyber Security Belgium for aid. “The complexity of this attack indicates an actor who has cyber capacities and extensive resources,” the ministry said in a statement on its website Tuesday. “The perpetrators acted in a targeted manner, which suggests espionage.” A ministry spokesperson didn’t immediately answer a message about whether the attacks it endured dating back to 2019 were explicitly linked to the espionage Microsoft first alleged two months ago, instead of merely triggering a probe that uncovered a separate campaign. The earliest reported attacks exploiting the […] (CyberScoop)

White House taps Matt Olsen, Uber security boss and former NSA lawyer, to lead key DOJ division

The White House has nominated Matt Olsen to run the Justice Department’s National Security Division, a move that would put the Uber security executive and former civil servant at the helm of some of the most sensitive cases in the U.S. Olsen, who now works as Uber’s chief trust and security officer, previously worked as the director of the National Counterterrorism Center during the Obama administration and served as the general counsel of the National Security Agency. The Biden administration announced his nomination on Wednesday. If confirmed by the Senate, Olsen will take over a key division of the Justice Department focused on counterintelligence, terrorism, foreign interference in U.S. elections and, increasingly, cybersecurity matters. He would replace John Demers, an assistant attorney general who has focused heavily on countering alleged Chinese espionage and theft of intellectual property in the U.S. The Biden administration tapped Olsen as national security officials reckon […] (CyberScoop)

Security researchers suggest naming state-harbored hackers 'privateers'

The ransomware-induced disruption of Colonial Pipeline, which supplies 45% of fuel consumed on the East Coast, has already forced big changes to U.S. government policies on pipeline security and brought heightened scrutiny of organizations’ decisions to pay hackers ransoms. Now, the incident has factored into one prominent security firm’s decision to change how it publicly classifies the relationship between criminal hacking groups and the governments that host them. Talos, the threat intelligence unit of Cisco, said Wednesday that it would begin using the term “privateers” to describe hacking groups that aren’t controlled by governments but which “benefit from government decisions to turn a blind eye toward their activities.” Other cybersecurity executives have compared the safe havens that some governments provide cybercriminals today with 17th century piracy. “If it were the 17th century, and pirates harassing the English merchant fleet were ducking into Dutch harbors, at what point would the Dutch […] (CyberScoop)

S3 Ep34: Apple bugs, scammers busted, and how crooks bypass 2FA [Podcast]

Latest episode - listen now. (And please leave us a review if you like what you hear!) (Naked Security)

Vulnerability In VMware Product Has Severity Rating 9.8 Out Of 10

(News ≈ Packet Storm)

Bose Admits Ransomware Hit: Employee Data Accessed

(News ≈ Packet Storm)

Hacktivist Posts Massive Scrape Of Crime App Citizen To Dark Web

(News ≈ Packet Storm)

WhatsApp Goes To Court Over India Privacy Rules

(News ≈ Packet Storm)

This Weird Memory Chip Vulnerability Is Worse Than We Thought

(News ≈ Packet Storm)

Data Wiper Malware Disguised As Ransomware Targets Israeli Entities

Researchers on Tuesday disclosed a new espionage campaign that resorts to destructive data-wiping attacks targeting Israeli entities at least since December 2020 that camouflage the malicious activity as ransomware extortions. Cybersecurity firm SentinelOne attributed the attacks to a nation-state actor affiliated with Iran it tracks under the moniker "Agrius." "An analysis of what at first (The Hacker News)

WhatsApp Sues Indian Government Over New Internet Regulations

WhatsApp on Wednesday fired a legal salvo against the Indian government to block new regulations that would require messaging apps to trace the "first originator" of messages shared on the platform, thus effectively breaking encryption protections. "Requiring messaging apps to 'trace' chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would (The Hacker News)

Google Researchers Discover A New Variant of Rowhammer Attack

A team of security researchers from Google has demonstrated yet another variant of the Rowhammer vulnerability that targets increasingly smaller DRAM chips to bypass all current mitigations, making it a persistent threat to chip security. Dubbed "Half-Double," the new hammering technique hinges on the weak coupling between two memory rows that are not immediately adjacent to each other but one (The Hacker News)

Russian Hydra DarkNet Market Made Over $1.3 Billion in 2020

Russian-language dark web marketplace Hydra has emerged as a hotspot for illicit activities, pulling in a whopping $1.37 billion worth of cryptocurrencies in 2020, up from $9.4 million in 2016, marking a staggering 624% year-over-year jump over a three-year period from 2018 to 2020. "Further buoying Hydra's growth is its ability—or its good fortune—to remain running and unscathed against (The Hacker News)

PDF Feature ‘Certified’ Widely Vulnerable to Attack

Researchers found flaws in most of the ‘popular’ PDF applications tested. (Threatpost)

VMware Sounds Ransomware Alarm Over Critical Severity Bug

VMware’s virtualization management platform, vCenter Server, has a critical severity bug the company is urging customers to patch “as soon as possible”. (Threatpost)

BazaLoader Masquerades as Movie-Streaming Service

The website for “BravoMovies” features fake movie posters and a FAQ with a rigged Excel spreadsheet for “cancelling” the service, but all it downloads is malware. (Threatpost)

‘Privateer’ Threat Actors Emerge from Cybercrime Swamp

‘Privateers’ aren’t necessarily state-sponsored, but they have some form of government protection while promoting their own financially-motivated criminal agenda, according to Cisco Talos. (Threatpost)

A Peek Inside the Underground Ransomware Economy

Threat hunters weigh in on the business of ransomware, the complex relationships between cybercriminals, and how they work together and hawk their wares on the Dark Web. (Threatpost)


/security-daily/ 27-05-2021 23:44:24